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ABSTRACT 



A first cipher stream generated from a private key negotiated 
as a result of a public key exchange is partitioned to form a 
sequence of secondary keys. The secondary keys are then 
indexed. In one instance, each plaintext data packet is 
encrypted with a second cipher streams generated from a 
different one of the secondary keys. In another instance, a 
second cipher stream generated from a single secondary key 
is used to encrypt a plurality of plaintext data packets. A new 
second cipher stream generated from another one of the 
secondary keys is then used for encryption following each 
instance of the loss of a ciphertext data packet. The index is 
communicated with the ciphertext to identify which second- 
ary key is to be used in generating the second cipher stream 
needed for decryption. With knowledge of the secondary key 
to be used, re-synchronization (along with new private key 
negotiation) at each instance of a ciphertext data packet loss 
is obviated. 

20 Claims, 5 Drawing Sheets 
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ENCRYPTION OF DATA PACKETS USING A 11. Each security device includes a random number genera- 

SEQUENCE OF PRIVATE KEYS tor 14, a key generator 16 and an encryption/decryption 

GENERATED FROM A PUBLIC KEY device 18 (implementing a stream cipher such as RC4). The 

EXCHANGE encrypting/decrypting device 18 comprises a cipher stream 

5 generator 20 and an exclusive OR (XOR) multiplier 22. 

BACKGROUND OF THE INVENTION ^ ^ata communication (perhaps comprising digitized 

1. Technical Field of the Invention »P««* ia u torm . °J P"* 6 *) * kn * 10 « 
_ ... ... , . plaintext (PT) is being carried between Party A and Party B 

Tlie present invention relates to commumca ions and, m Qn ^ ^ aDd oyer ^ chaQnel u At ^ ^ {q lim 

particular, to encryptmg communications for transmission 10 uinteri ^ ^ ^ Meetly ( . tion) 

over unsecured communications channels using public key/ ^ en ^p ting/decryp ^ devicc 18 . It £ ^ 

private key techniques. decided to encrypt the communication. The random number 

2. Description of Related Art generator 14 of the security device 12A for Party A produces 
Communications take place over many different types of a secret random quantity y. Key generator 16 then generates 

channel media such as wireline, radio frequency, fiber optic, 15 two public quantities: 

and the like. The communications carried over each of these a> TC f cnc6 to as a base vector, which is an integer; and 

media are, however, subject to interception (commonly . 

referred to as "eavesdropping"). In instances where a com- P> t0 as a modulus > wmch 15 a P nme number 

munication concerns sensitive or proprietary information, it larger than a. 

is common for the parties to the communication to employ ™ From these public quantities and the secret random quantity, 

a security protocol (such as encryption or scrambling) in *° e key generator 16 for Party A generates a public key PK A 

order to prevent the eavesdropper from being able to dis- ™ accordance with the following: 
cover the communicated information. 

, , PK*-a v modp (1) 
In encryption, a plaintext message is encrypted by a 

sender into a ciphertext message using a key The security device 12A then initiates a key exchange with 

(cryptovariable) and then sent over a communications chan- me seC urity device 12B for Party B. A triplet (a,p,PK A ) is 

nel. A receiver then decrypts the communications channel scnt by me security device 12A to the security device 12B 

transmitted ciphertext message using the same key. An over t he communications channel 11 in a key exchange 

eavesdropper, who presumably does not have access to the 3q message (IKE). It will be understood that to the extent a and 

key, cannot decrypt the transmitted ciphertext message to p are prev iously agreed upon by Party A and Party B, they 

recover the plaintext message. Any sensitive or proprietary ^o not need to be included in the key exchange message. It 

information contained within the plaintext message is thus ^ noted here that the key exchange message is being 

safely communicated. sent without encryption. However, this is of no concern as 

It is not unusual for the sender and receiver to be located 35 the function for computing PK* is a one-way function (i.e., 

at a considerable distance from each other. In such cases, a it is mathematically impossible for an eavesdropper to 

number of problems arise in ensuring that the designated key determine the secret random quantity y from knowledge of 

necessary for decryption is securely communicated to the PK*). 

receiver. A secure channel, such as a courier service, may be i n response to the key exchange message, the security 

used to communicate the key. However, such channels tend ^ device 12B for Party B has its random number generator 14 

to be expensive, slow, and perhaps even unsecured in produce a secret random quantity x. Key generator 16 then 

instances where the trustworthiness of the courier is com- generates for Party B a public key PK B in accordance with 

promised. the following: 

To address this problem of key distribution, public key 

methods have been developed for security protocols wherein 45 PK^modp (2) 

a sender and receiver may independently determine a com- . , . t , . . , , 

-. , - . J . K f „ ,i - -The security device 12 B then completes the key exchange 

mon secret key by exchanging information based on secret 1 . J; „„ki,v i™. 

parameters known only to Item. The information that is ™* *? ^ 12 * ^ Party ^ The public key 

exchanged is known as "public keys", and although subject , ( PK *> » b y < he d ^ ice \ 2B t0 , «f 

tomtervlntionthec^rnmonsecretkeycannotbedetermined '„ dev «* UA over lhe ^^Tut^t l^Z 

by .be eavesdropper without having access to the secret exchange response message (EKE). It will be noted again 

parameters. One^ch well known public key encryption ^ ««*«f 'T^-^fTZ^T 

scheme is the Diffie-Hellman algorithm. See, U.S. Pat. No. ™tho u t encryption. Again, this .s of no concern as the 

4,200,770, to Hellman, et al. andVs. Pat. No. 4,218,582, to ^^T^^^Z^^ 

Hellman, et al. 55 



Reference is now made to FIGS, 1 and 2 wherein FIG. 1 



the eavesdropper cannot utilize mathematical processing to 
determine the secret random quantity x from knowledge of 
PK« 

is a block diagram of a secure communications system 10 in ^ . ators 16 of the dcvices n for Party 

accordance with the prior art which implements the Diffie- Aand p B nQw indcpcndcntly gencra i e a shared private 
Hellman public key encryption technique, and FIG 2 is a ^ accordancc wilh thc fol i owing: 

signal flow diagram illustrating prior art key exchange, 60 

encrypted data communication, and re -synchronization pro- K-a^mod p (3) 

cesses. There are two parties, Party A and Party B, to a 

conversation which is being carried over an unsecured nc key generator 16 for the Party A security device 12A 
communications channel 11 supported by, for example, a generates K as follows: 
wireline, radio frequency, fiber optic, or the like, commu- 65 

nications link. Each party has access to a security device 12 K-a^mod p-PK^mod p (4) 

positioned at opposite ends of the communications channel 
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Similarly, the key generator 16 for the Party B security proprietary information data communications then unfortu- 
device 12B generates K as follows: nately necessitates an inefficient re -synchronization. For 

sensitive or proprietary information data communications 



K-a^mod p-PK^a'tnod p (5) 



carried over such communications channels, there is a need 



While the security devices 12A and 12B are able to inde- 5 then for a more efficient and effective security protocol 

pendently generate the same secret key K, it will be recog- which does not necessarily require re-synchronization in the 

nized that an eavesdropper is unable to compute the private event of a data packet loss, 
key, in spile of having access to the public keys PK A and 

PK fi , because knowledge of the necessary secret random SUMMARY OF THE INVENTION 

quantities x and y is unknown and cannot be mathematically io t. L * . Jr t. rn » 

! * t*i_ * * i v ^ i * j * • To obviate the need for re-synchronization following loss 

determined. The private keys K are then applied to initialize e . . . 4 . . . . .J . . 4 . * 

. , , r * **a j_« l . * * i 4 of a cipnertext data packet, the present invention partitions 

th e cip he r st re am genera tors 20 which output a cipher stream . . . . j ■ i_ * • . * j 

n >u f- *u 1*1 no *u*u i • * ^ /iyr\ a pnvate key generated cipher stream into an indexed 

C that is either exclusively ORed 22 with the plaintext (PT) r _ - J * , . r ~ , . 

• . 4 fr ^u c t • • .u L sequence of secondary keys. The secondary keys are then 

to generate crphertex (CO for transmtSMon over the chan- Qo g ^ . ye ^ { ' / ets 

nel 11, or exclusively ORed with received cipnertext to 15 , . . . . . . r „ . 

erate the ri inal laintext transmission over a communications channel. Each 

genera c e origin p i in . transmitted ciphertext data packet then includes an index 

For a bi-directional data communication between Party A ., . £. . c k . . r e a i 

j n r» -ii * . j « rir t t . tl v . II identifying which of the plurality of secondary keys was 

and Party B as illustrated in FIG. 1, the secret key K actually ,P # . , u~j- . u /** , 

. , i-* • . \ *. i v j used for the encryption. In one embodiment, each plaintext 

comprises (i.e., may be split into) two keys Ka» and Ko*. . . « j u • * , Jf 

™ "1 , v . * J v r ' r «/7 data packet is encrypted by a cipher stream generated from 

The first pnvate key K AB is used by security device 12A to 20 . * *u j i i .i. 

» 1. 4 ** aj* * different one of the secondary keys. In another 

generate a cipher stream for encrypting Party A data , 4 . , . j * i 

& ^ . . ^ . . . 4 embodiment, the a cipher stream generated from a single 

communications, and by security device 12B to generate a . . . .... r . . °_ . . . . , . ° 

. . . r j ' . n.Aj* • secondary key is utilized to encrypt plaintext data packets 

cipher stream for decrypting Party A data communications. .... ' - 7 . , ^ . . t < 

« r . iL j • . i tt • ■ « - until loss of a ciphertext data packet occurs. At that point, a 

Conversely, the second pnvate key is used by secunty . . . r , , r r . r 4l _ . r ,. i r 

, ^-i^ . . • u / r *• n - «^ cipher stream generated from a next one of the plurality of 

device 12B to generate a cipher stteam for enayptmg .Party 25 ^ ke ^ is used fof eocfyptioil . In ^ ach 

B data communications, and by secunty device 12A to , ' ' L • ** 5 *i_ • j 

t/^tij. however, no re-synchronization need occur as the index 

generate a cipher stream for decrypting Party B data com- mchldcd ' h ciohcrtcxt data Dackcl identifies the 

munitions. The need for two private keys when handling mc ™«<i ™ n ea f° cl P; c . rt ™ dala P acKcI ldCDtlDCS tnc 

.. . . A . . r . ,* 4 , llL 8 secondary key to be used for decryption, 

bi-directional communications is required to ensure that the ' ' Jr 

same generated cipher stream is never used for the encryp- 30 BRIEF DESCRIPTION OF THE DRAWINGS 
lion of diflerent plaintext sequences. 

Once the cipher stream generators 20 are initialized with A more complete understanding of the method and appa- 
the appropriate private key K, they must remain synchro- ratus of the present invention may be acquired by reference 
nized in order to ensure proper conversion between plaintext to the following Detailed Description when taken in con- 
arid ciphertext. The communications channel accordingly 35 junction with the accompanying Drawings wherein: 
must be able to guarantee an ordered (i.e., correctly FIG. 1 (previously described) is a block diagram of a 
sequenced) delivery of any encrypted sequenced data pack- secure communications system in accordance with the prior 
ets so that synchronization may be maintained. In the event art which implements the Diffie-Hellman public key encryp- 
synchronization is lost, for example due to a loss of an tion technique; 

encrypted data packet during transmission over the channel 40 pjQ 2 (previously described) is a signal flow diagram 

11, re-synchronization followed by encryption with a new illustrating prior art key exchange, encrypted data 

private key must occur. This is so because the recovery of communication, and re -synchronization processes; 

plaintext is easily accomplished with knowledge of two ___ . , . ,. . . 

, . ' , i *il *l - u HG. 3 is a block diagram or a secure communications 

different plaintext messages encrypted with the same cipher , , PT . . 

, ,° c .u • . i xr\ r system in accordance with the present invention; 

stream C (i.e., produced from the same pnvate key K). 45 ' r 

Re-synchronization then requires a new exchange of FIG. 4 is a flow diagram for secondary private key 

public keys, followed by the independent generation of generation; 

another private key and appropriate initialization of the FIG. 5 is a simplified format used for the transmission of 

cipher stream generators 20. This process is undesirable as an encrypted data communication in accordance with the 

it significantly delays completion of the data communication 50 present invention; 

and consumes valuable communications resources (i.e., . FIG. 6 is a diagram illustrating a page organization of the 

wastes bandwidth) on the channel 11 during the key sequence of secondary private keys; 

exchange that could otherwise be used in carrying commu- FIG. 7 is a signal flow diagram illustrating the key 

nications which generate revenue. Furthermore, if one of the cxchari gc, encrypted data communication, and 

parties to the communication comprises a mobile commu- 55 re -synchronization processes of the present invention; 

nications device (such as a cellular telephone) the compu- „.„ 0 . . ... . . 

. v , . K t : ,f FIG. 8 is a state control diagram illustrating an encryption 

tation of the pnvate key is a processor intensive operation . , * . * j 

. " / j * *_ jt ■ key management process of the present invention; and 

requinng a significant time expenditure and causing a sig- ^ -© r r 

nificant drain on battery power resources. FIG - 9 * a si & nal flow digram illustrating the key 

The incidence of encrypted data packet loss necessitating 60 exchange, encrypted data communication, and 

re-synchronization is especially high in connection with re-synchronization processes of an alternative embodiment 

those communications channels 11, such as wireless radio ^ or me P rcsenl invention. 

frequency communications channels, which suffer from DETAILED DESCRIPTION OF THE DRAWINGS 
interference, distortion or fading. In fact, a five to ten percent 

data packet loss rate in connection with the use of wireless 65 Reference is now made to FIG. 3 wherein there is shown 

communications channels is not uncommon. Each instance a block diagram of a secure communications system 100 in 

of packet loss in connection with encrypted sensitive or accordance with the present invention. There are two parties, 
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Party A and Party B, to a conversation which is being carried Ihe first cipher stream generators 120 which output a first 

over an unsecured communications channel 111 supported cipher stream C. 

by, for example, a wireline, radio frequency, fiber optic, or This first cipher stream C is then processed by the 

the like, communications link. Each party has access to a partition and index device 121 which partitions the cipher 

security device 112 positioned at opposite ends of the $ stream into a sequence of secondary private keys C lt 

communications channel 111. Each security device includes C 2 , . . . , C,. The sequence of secondary private keys C a , 

a random number generator 114, a key generator 116 and an C 2 , . . . , Q is then applied to initialize the second cipher 

encrypting/decrypting device 118 (implementing any suit- stream generators 123 which output a second cipher stream 

able stream cipher including, for example, RC4). The C\ This second cipher stream C is then either exclusively 

encrypting/decrypting device 118 comprises a first cipher 10 ORed 122 with the plaintext sequence (PT<) to generate 

stream generator 120, a partitioning and indexing device ciphertext (CT^) for tr an s mi s si on over the channel 111, or 

121, a second cipher stream generator 123 and an exclusive exclusively ORed with received ciphertext to generate plain- 

OR (XOR) multiplier 122 lext * Each secondary private key Q is further provisioned by 

A data communication (perhaps comprising digitized !^ device 121 with a uniquely identifying index. The index 

speech or data in the form of data packed) referred to as 15 mdlcatul 8 which secondary private key C, is being used to 

olaintext <VT\ is being carried between Partv A and Partv B cncrypt a P arUcular plaintext sequence PT ( - is communicated 

plantext(Kl) is being carried oetween Party a ana rarty « oycr ^ cbumcl m t0 CDSUre synchronization and the 

on lines 124 and over the channel 111. At this point in tune utilization of the co^t key for decryption. This index may 
plaintext is being passed directly (i.e., without encryption) be exchanged 5elween lne securily devices 112 irj 
through the encrypting/decrypting device 118. A decision is U n-encrypted form because it bears no information concern- 
then made to switch to encrypted communication. The w mg the secondary private key Q other than a sequence (i.e., 
selection of a common secret key for encrypting Party A and indexing) number. 

Party B communications may be made using any suitable Reference is now made to FIG. 4 wherein there is shown 

public key exchange method including, for example, the a fl ow diagram for secondary private key generation. For a 

Diffie-Hellman method. The random number generator 114 bi-directional data communication between Party A and 

of the security device 112 A for Party A produces a random 2 s Party B as illustrated in FIG. 3, the private key K actually 

quantity y. Key generator 116 then generates the two public comprises (i.e., may be split into) two keys and K^. 

quantities a and p. From these public quantities and the The need for two private keys when handling bi-directional 

secret random quantity, the key generator 114 for Party A communications is required to ensure that the same cipher 

generates a public key VK A in accordance with Equation (1)- stream is never used for the encryption of different plaintext 

The security device 112A then initiates a key exchange with 30 sequences. The first private key is used to generate a 

the security device 112B for Party B. A triplet (a,p,PK A ) is forward first cipher stream and the second private key 

sent by the security device 112A to the security device 112B K^ is used to generate a reverse first cipher stream C^. The 

over the communications channel 111 in a key exchange forward first cipher stream is then partitioned and 

message (IKE). It will be understood that to the extent a and indexed to generate a first (or forward channel) secondary 

p are previously agreed upon by Party A and Party B, they 35 P nvale ke V sequence, with individual ones in the 

*, r , *_ . . , j . V , ' . ' t. sequence used to generate a forward second cipher stream 

do not need to be included in the key exchange message. It ^ mal isuse(J $ device mAto enc * t Party A 

will be remembered that the key exchange message is being TOmmunications , ^ b ^ x device 112B t0 

sent without encryption. However, this is of no concern as d { p A CT ^ ^^^o^ nc reverse firsl 

the function for computing PK A is a one-way function (i.e., dpber stfeam c ^ oa the other hand> is men partit i on ed and 

it is mathematically impossible for an eavesdropper to 40 indexed to generate a second (or reverse channel) secondary 

determine the secret random quantity y from knowledge of private key C^,- sequence, with individual ones in the 

PK A ) . sequence used to generate a reverse second cipher stream 

In response to the key exchange message, the security C^' that is used by security device 112B to encrypt Party B 

device 112B for Party B has its random number generator PT, data communications, and by security device 112 A to 

114 produce a random quantity x. Key generator 116 then 45 decrypt Party B CT ( - data communications, 

generates for Party B a public key PK^ in accordance with Reference is now made to FIG. 5 wherein there is shown 

Equation (2). The security device U2B then completes the a simplified format 140 used for the transmission of an 

key exchange with the security device 112A for Party A. The encrypted data communication segment (CT,.) 142 in accor- 

public key (PK fl ) is sent by the security device 112B to the dance with the present invention. The format 140 includes a 

security device 112A over the communications channel 111 50 plurality of fields (OTHER) 144 relating, for example, to 

in a key exchange response message (EKE). It will be packet reconstruction, compression and network layer 

remembered that the key exchange response message is protocol, which are not relevant to the present invention. The 

being sent without encryption. Again, this is of no concern format further includes a primary key index field (PKI) 146 

as the function for computing ?K B is a one-way function, which indicates the parity of the primary encryption/ 

and thus the eavesdropper cannot utilize mathematical pro- 55 decryption key K used to generate the plurality of secondary 

cessing to determine the secret random quantity x from keysC,-. A secondary key index fie Id 148, comprising a page 

knowledge of ?K B . identification 150 and a location (on the page) identification 

The key generators 116 of the security devices 112 for 152, is also included in the format 140. As noted above, a 
Party A and Party B now independently generate a shared sequence of secondary private keys C a , Cj, . . . , C, is 
private key K in accordance with Equations (4) and (5), 60 generated. The i generated keys are arranged in n groups (or 
respectively. While the security devices 112Aand 112B are pages) of m keys each. The page identification 152 accord- 
able to independently generate the same private key K, it ingly identifies which of the n groups of keys is being used 
will be recognized that an eavesdropper is unable to com- to encrypt the data. The location identification 152 then 
pute the private key, in spite of having access to the public identifies which particular one of the m keys on the identi- 
keysPK^ and PKp, because knowledge of the secret random 65 fled page n is being used to encrypt the data. This page 
quantities x and y is unknown and cannot be mathematically organization of the sequence of secondary private keys C 1( 
determined. The private keys K are theo applied to initialize Cj, . . . , C, is illustrated in FIG. 6. 
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Reference is now made to FIG. 7 wherein there is shown public keys generated (actions 174 and 180), and key 
a signal flow diagram illustrating the key exchange, exchange messages (IKE/EKE) 176 and 182 sent, 
encrypted data communication, and re -synchronization pro- Reference is now made to FIG. 8 wherein there is shown 
cesses of the present invention. Party A and Party B are a state control'diagram illustrating an encryption key man- 
engaged in a plaintext communication 170. The public key 5 agement process of the present invention. In normal 
exchange process is then initiated with Party A generation of operation, the protocol state for key management transitions 
the secret quantity y (action 172) and the public key PK* between a utilize current secondary private key state 196 and 
(action 174). The key exchange message (IKE) 176 is then a generate next secondary private key state 198. In state 196, 
sent to Party B. Party B responds by generating secret a data packet is either encrypted or decrypted using a second 
quantity x (action 178) and the public key PK^ (action 180), J0 cipher stream generated from the current secondary private 
The key exchange response message (EKE) 182 is then sent key. A transition is then made, following each encryption/ 
to Party A. Party A and Party B then independently generate decryption, to state 198 where a next secondary private key 
(action 184) the private key K from which the sequence of is generated. A transition is then made back to state 196 
secondary private keys C,, . . . , C,- is generated (action where this newly generate secondary private key becomes 
186). 15 the current one for use in generating the second cipher 

In order to simplify the illustration, only the encryption of stream needed for encrypting or decrypting a next data 

data communications 188 transmitted from Party A to Party packet. 

B is shown. A first plaintext sequence YY l is then encrypted Maintenance of synchronization between Party A and 
using a second cipher stream C generated from the first one Party B as to the proper secondary private key is accom- 
of the secondary private keys to produce a first ciphertext ^ plished through either a passive operation, an active sec- 
sequence CT X . A similar process is used to produce a second ondary key operation, or an active primary key operation. In 
ciphertext sequence CT 2 from a second cipher stream C passive operation, no message exchange between Party A 
generated from the second one of the secondary private keys and Party B regarding synchronization is required as the 
C 2 . This process continues for each of the subsequent index is merely passively incremented with each encryption 
plaintext sequences PT,. 25 or decryption and monitoring of the index field 148 (FIG. 5) 

It is noted, however, that with respect to the j-th plaintext of each sent ciphertext sequence CT t . 
sequence PT y encrypted with a second cipher stream C In active secondary key operation, a transition is made 
generated from the secondary private key C,, the ciphertext from state 198 to a confirm secondary index state 200. In the 
sequence CT, was not successfully transmitted (as indicated state 198, key management messages 190 and 192 (FIG. 7) 
by M X"). In accordance with the prior art process as illus- 30 are exchanged between Party A and Party B confirming 
trated in FIG. 2, this packet loss would require an immediate coordinated use of a secondary private key from the same 
re-synchronization necessitating a new public key exchange page n, and index m therein, for encryption and decryption, 
and cipher stream initialization. In the present invention, Once secondary key confirmation has been received, a 
synchronization is maintained allowing for continued packet transition is made back to state 198. With respect to the page 
transmission starting with the ciphertext sequence CT >+3 35 organization of secondary private keys Q illustrated in FIG. 
encrypted using a second cipher stream C generated from 6, state 200 is entered into following the completed trans- 
the secondary private key C /+J . The reason synchronization mission of one page worth of data packets, 
is maintained is that each, ciphertext sequence CT, is for- i n active primary key operation, a transition is made from 
matted for transmission (FIG. 5) to include information state 19$ to a key exchange state 202. In state 202, a 
(index 148) identifying which secondary key (page and 40 re-synchronization is performed to invoke the generation of 
location) should be utilized in generated the second cipher a new of secondary private keys (actions 184 and 186 of 
stream C needed for decrypting the transmission. As plural FIG. 7) by selecting new secret quantities, generating new 
keys have been negotiated and the current encryption key public keys generated and sending key exchange messages 
can be identified, there is no need to negotiate a new key for (IKE/EKE). With respect to the page organization of sec- 
continuing with the communication. 45 ondary private keys C,. illustrated in FIG. 6, state 202 is 

Following the processing of one page of data packets (i.e., entered into following the completed transmission of all n 

the encryption of m plaintext sequences PT ( - with individual pages worth of data packets. 

second cipher streams C generated from m secondary Simplified pseudo code describing state transitions in 

private keys C ( ), a key management message 190 is sent pjc, 8 with respect to passive secondary key operation may 

from Party A to Party B. This message 190 identifies the 50 be written as follows: 

index m and page n that Party A is using to encrypt (and/or j F re q Uest f or next secondary private key 

decrypt) data communications. Responsive to the message THEN increment index 

190, Party B sends a key management response message 192 jp m< j cx<ora 

confirming its coordinated use of a secondary private key f , , , . . . . , 

c . ° . . . .u . / ' THEN { use secondary key at incremented index location > 

from the same page n, and index m therein, for encryption 55 * m 

and decryption. Encryption in the foregoing manner utiliz- IF mdex>m AND page<n 

ing a second cipher stream C generated from an appropriate ™£N initiate active secondary key operation 

next secondary secret key then ensues. Key management ELSE {full sequence of secondary private keys C, used, 

occurs following the use of a last secondary secret key of a initiate active primary key operation} 

page. 50 Simplified pseudo code describing state transitions in 

Then, foUowing the processing of aU pages of data FIG. 8 with respect to encrypting side active secondary key 

packets (i.e., the encryption of i plaintext sequences PT„ the operation may be written as follows: 

last one being encrypted with a second cipher stream C IF secondary key requested>m 

generated from the secondary private key Q), the process THEN reset index 

re-synchronizes 194 to invoke the generation of a new set of 65 IF page<-n 

secondary private keys (actions 184 and 186). Accordingly, THEN {send key management message to peer 

secret quantities must be selected (actions 172 and 178), (decrypting entity) identifying next page} 



02/06/2004, EAST Version: 1.4.1 



6,052,466 

9 10 

IF peer responds and confirms fails. Thus, a second cipher stream C generated from a 

THEN {increment page, use first secondary private key single secondary private key is used to encrypt/decrypt 

at incremented page location} plural data packets. It is only when a packet delivery failure 

ELSE IF {error regarding key management message} occurs that the index is incremented and a new secondary 

THEN repeat procedure 5 private key is accessed for use. As before, maintenance of 

ELSE {full sequence of secondary private keys Q and synchronization between Party A and Party B as to the 

secondary key pages used, initiate active primary key P«>per secondary private key for use is accomplished 

operation} through either the passive operation, the active secondary 

Simplified pseudo code describing state transitions in k *V operation, or the active primary key operation. 

FIG. 8 with respect to decrypting side active secondary key ™ Reference is now made to FIG. 9 wherein there is shown 

operation may be written as follows: a si 8 Qal flow diagram illustrating the key exchange, 

IF {key management message received from peer encrypted data communication, and re-synchronization pro- 

(encrypting entity) identifies page greater than current page} cesses of an alternate embodiment for the present invention. 

THEN {increment page to match identified page respond Party A and Party B arc engaged in a plaintext communi- 

to key management message 15 catioa 170 ^ P Mc ke y exchange process is then initiated 

Ic . fJ , lt ... „ . .„ . tn ; „ with Party A generation of the secret quantity y (action 172) 

IF {data packet received with page index set to mere- ' ? t J JV ' 

mented a e} and the public key PK* (action 174), The key exchange 

men pagej message (IKE) 176 is then sent to Party B. Party B responds 

THEN {initialize decryption using secondary key indexed by generating quantity x (action 178) and the public 

from incremented page} m key pK ^ (action 180) ^ key excha nge response message 

} (EKE) 182 is then sent to Party A. Party A and Party B then 

Simplified pseudo code describing state transitions in independently generate (action 184) the private key K from 

FIG. 8 with respect to Party A active primary key operation which the sequence of secondary private keys Cj, C 2 , . . . , 

may be written as follows: Q is generated (action 186). 

IF new primary keys are required 2 S In order to simplify the illustration, only the encryption of 

THEN construct and send IKE message (plaintext) data communications 188' transmitted from Party A to Parly 

IF {receive EKE message responsive to IKE message} B is shown. A first one of the secondary private keys C 1 is 

THEN {execute public key algorithms, deduce new pri- ^ to generate a second cipher stream C for encrypting 

vate key and secondary private keys} P lural plaintext sequences PT and producing corresponding 

ripr .„ f ™ A 30 ciphertext sequences CT. The use of the second cipher 

ELSE IF error regarding IKE message / ^ . j *. • i j ■ * i ^ 

6 & & stream C generated from a single secondary private key C x 

THEN complete procedure or retransmit IKE to cacrypt plaintext sequences continues until such time as 

IF receive an EKE message (response required) a delivery failure occurs (as indicated by "X"). At that point, 

THEN discard EKE message a next one of the secondary private keys C 2 is used to 

IF receive an EKE message (response required) 35 generate a new second cipher stream C for encrypting 

THEN construct and transmit an IKE message (plaintext) subsequent plural plaintext sequences PT and producing 

Simplified pseudo code describing state transitions in corresponding ciphertext sequences CT. Again, as in the 

FIG. 8 with respect to Party B active primary key operation prior embodiment, the reason synchronization is maintained 

may be written as follows: in spite of delivery failure is that each ciphertext sequence 

IF new primary keys are required 40 CT is formatted for transmission (FIG. 5) to include infor- 

THEN construct and send EKE message (plaintext) mation (index 148) identifying which secondary key should 

IF receive IKE message De utilized t0 generate the second cipher stream C needed 

-t^vt ( u- i i *u a~a*~ ™, «^ for decrypting the transmission. As the encryption key can 

THEN {execute public key algonthms deduce new pn- be ide Xd, there is no need to negotiate a new key for 

vate key and secondary pnvate keys} tf ^ ^ TOminunication . 

IF receive IKE message (response required) Following the use one page worth (i.e., m in number) of 

THEN {construct and transmit EKE message (plaintext), secondary private keys C f to generate corresponding second 

execute public key algorithms, deduce new private key cipber streams c each encrypting a plurality of plaintext 

and secondary private keys, advance index} sequences PT, a key management message 190 is sent from 

ELSE IF error regarding EKE message 50 Party A to Party B. This message 190 identifies the index m 

THEN complete procedure and page n that Party A is using to encrypt (and/or decrypt) 

IF receive IKE message (response required) data communications. Responsive to the message 190, Party 

THEN {construct and transmit EKE message (plaintext), B sends a key management response message 192 confirm- 

execute public key algorithms, deduce new private key and ing its coordinated use of a secondary private key from the 

secondary private keys, advance index} 55 same page n, and index m therein, for encryption and 

Reference is now once again made to the state control decryption. Encryption in the foregoing manner utilizing a 

diagram of FIG. 8 for a description of an alternative embodi- second cipher stream C generated from an appropriate next 

ment of the present invention. It will be remembered that in secondary secret key then ensues. Key management occurs 

connection with the prior description, the protocol state for following the use of a last secondary secret key of a page, 

key management transitions between the current secondary 60 Then, following the use of all pages (i.e., n in number) of 

private key state 196 and the generate next secondary private secondary private keys C ( - to generate second cipher streams 

key state 198. The transition from state 196 (data packet C for encrypting a plurality of plaintext sequences PT (the 

encryption/decryption using the current secondary private last sequence of data packets being encrypted with a second 

key) to state 198 (where a next secondary private key is cipber stream generated from the secondary private key Q), 

generated) occurs after each such encryption/decryption 65 the process re-synchronizes 194 to invoke the generation of 

operation on a data packet. In the current embodiment, this a new set of secondary private keys (actions 184 and 186). 

transition occurs only each time that a data packet delivery Accordingly, secret quantities must be selected (actions 172 
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and 178), public keys generated (actions 174 and 180), and 
key exchange messages (IKE/EKE) 176 and 182 are sent. 

The pseudo code previously provided is equally appli- 
cable to this embodiment, with minor modification as nec- 
essary to account for the operational difference between 
utilizing a new key with each sequence/packet and using a 
new key with each delivery failure. 

It will be recognized that this embodiment of the present 
invention utilizes secondary private keys at a much lower 
rate than the preceding embodiment. Thus, key management 
transactions (190 and 192) as well as re-synchronization 
actions (194) occur less frequently, and a more efficient use 
of Limited bandwidth communications resources is made. 

Although preferred embodiments of the method and appa- 
ratus of the present invention have been illustrated in the 
accompanying Drawings and described in the foregoing 
Detailed Description, it will be understood that the invention 
is not limited to the embodiments disclosed, but is capable 
of numerous rearrangements, modifications and substitu- 
tions without departing from the spirit of the invention as set 
forth and defined by the following claims. 

What is claimed is: 

1. A private key generator, comprising: 

a first generator for generating a private key; 

a second generator initialized with the private key for 
generating a first cipher stream; 

a partitioner that partitions the first cipher stream into a 
plurality of secondary keys for use in generating cor- 
responding second cipher streams to encrypt plaintext 
information into ciphertext information; and 

an indexer for indexing the plurality of secondary keys, an 
index included with the ciphertext information identi- 
fying which of the indexed plurality of secondary keys 
was used in encrypting the plaintext information. 

2. The private key generator as in claim 1 further includ- 
ing: 

means for exchanging public keys; and 

wherein the first generator functions to generate the 

private key from processing at least one of the 

exchanged public keys. 

3. The private key generator as in claim 1 wherein the 
plaintext information comprises a plurality of plaintext 
packets, each plaintext packet encrypted with a second 
cipher stream generated from a different one of the second- 
ary keys. 

4. The private key generator as in claim 1 wherein the 
plaintext information comprises a plurality of plaintext 
packets, each sequence of plaintext packets handled between 
instances of ciphertext information loss encrypted with a 
second cipher stream generated from a different one of the 
secondary keys. 

5. The private key generator as in claim 1 wherein the first 
generator generates a new private key when each of the 
generated plurality of secondary keys from a prior private 
key has been used for encryption. 

6. A method for generating a private key, comprising the 
steps of: 

generating a private key; 

generating a first cipher stream initialized from the gen- 
erated private key; 

partitioning the first cipher stream into a plurality of 
secondary keys for use in generating corresponding 
second cipher streams to encrypt plaintext information 
into ciphcrtcxt information; and 

indexing the plurality of secondary keys, an index 
included with the ciphertext information identifying 
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which of the indexed plurality of secondary keys was 
used in encrypting the plaintext information. 

7. The method as in claim 6 further including the steps of: 
exchanging public keys; and 

generating the private key from processing at least one of 
the exchanged public keys. 

8. The method as in claim 6 wherein the plaintext infor- 
mation comprises a plurality of plaintext packets, further 
including the steps of: 

generating a plurality of second cipher streams, each 
second cipher stream initialized from a different one of 
the secondary keys; and 

encrypting each plaintext packet with a different one of 
the plurality of second cipher streams. 

9. The method as in claim 6 wherein the plaintext infor- 
mation comprises a plurality of plaintext packets, further 
including the steps of: 

generating a plurality of second cipher streams, each 
second cipher stream initialized from a different one of 
the secondary keys; and 

encrypting each sequence of plaintext packets handled 
between instances of ciphertext information loss with a 
different one of the plurality of second cipher streams. 

10. The method as in claim 6 further including the step of 
repeating the steps of claim 6 when each of the generated 
plurality of secondary keys has been used for encryption. 

11. An encryption device, comprising: 

a first generator for generating a private key; 

a second generator initialized with the private key for 
generating a first cipher stream; 

a partitioner for partitioning the first cipher stream into a 
plurality of secondary keys; 

an indexer for indexing the plurality of secondary keys; 

means for encrypting plaintext information into ciphertext 
information using second cipher streams generated 
from the plurality of secondary keys; and 

means for including an index with the ciphertext infor- 
mation identifying which of the indexed plurality of 
secondary keys was used in encrypting the plaintext 
information. 

12. The encryption device as in claim 11 further includ- 
ing: 

means for exchanging public keys; and 

wherein the first generator functions to generate the 

private key from processing at least one ot the 

exchanged public keys. 

13. The encryption device as in claim 11 wherein the 
plaintext information comprises a plurality of plaintext 
packets, and wherein the means for encrypting comprises: 

a third generator initialized with the secondary keys for 
generating corresponding second cipher streams; and 

means for encrypting each plaintext packet with a differ- 
ent one of the second cipher streams. 

14. The encryption device as in claim 11 wherein the 
plaintext information comprises a plurality of plaintext 
packets, and wherein the means for encrypting comprises: 

a third generator initialized with the secondary keys for 
generating corresponding second cipher streams; and 

means for encrypting each one of a plurality of sequences 
of plaintext packets that is handled between instances 
of ciphertext information loss with a different one of the 
second cipher streams. 

15. The encryption device as in claim 11 wherein the first 
generator generates a new private key when each of the 
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generated plurality of secondary keys from a prior private 
key has been used for encryption. 

16. A method for encrypting, comprising the steps of: 
generating a private key; 

generating a first cipher stream initialized from (he gen- 5 
erated private key; 

partitioning the first cipher stream into a plurality of 
secondary keys; 

indexing the plurality of secondary keys; 10 

encrypting plaintext information into ciphertext informa- 
tion using second cipher streams generated from the 
plurality of secondary keys; and 

including with the ciphertext information an index iden- 
tifying which of the indexed plurality of secondary 15 
keys was used in encrypting the plaintext information. 

17. Trie method as in claim 16 further including the steps 

of: 

exchanging public keys; and 

generating the private key from processing at least one of 
the exchanged public keys. 
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18. The method as in claim 16 wherein the plaintext 
information comprises a plurality of plaintext packets, and 
the step of encrypting comprises the steps of: 

generating second cipher streams each initialized from a 
different one of the plurality of secondary keys; and 

encrypting each plaintext packet with a different one of 
the second cipher streams. 

19. The method as in claim 16 wherein the plaintext 
information comprises a plurality of plaintext packets, and 
the step of encrypting comprises the steps of: 

generating second cipher streams each initialized from a 
different one of the plurality of secondary keys; and 

encrypting each sequence of plaintext packets handled 
between instances of ciphertext information loss with a 
different one of the second cipher streams. 

20. The method as in claim 16 farther including the step 
of repeating the steps of claim 16 when each of the generated 
plurality of secondary keys has been used for encryption. 

***** 
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